adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0

Changing a username while keeping the email unchanged leads to 409 conflict #662

Open tobilarscheid opened 2 years ago

tobilarscheid commented 2 years ago

Current Behavior

  1. Create a realm.yaml that contains a user with a name and an email address
  2. Run keycloak-config-cli to apply the realm.yaml
  3. Change the realm.yaml so that the user's email stays the same but the username is changed
  4. Rerun keycloak-config-cli --> error, 409 Conflict

Expected Behavior

A new user with the new name should be created, and the old user should disappear.

Steps To Reproduce

No response

Environment

Anything else?

No response

jkroepke commented 2 years ago

Deleting users is currently not implemented in keycloak-config-cli, only create and update.

That's why keycloak-config-cli will not delete the old user, and the new user has a conflict with the existing user.

tobilarscheid commented 2 years ago

I understand, thanks for the quick reply! Happy to provide a PR if you point me in the right direction.

jkroepke commented 2 years ago

For deleting users, a remote state needs to be implemented. Otherwise, keycloak-config-cli is going to delete all users, which is a major incident.

More information here: https://github.com/adorsys/keycloak-config-cli/blob/main/docs/MANAGED.md

Take a look at how Realm Roles are handled on deletion.

https://github.com/adorsys/keycloak-config-cli/blob/1a22b22462b95ac96a5ea14cd3d4ea1f801d5568/src/main/java/de/adorsys/keycloak/config/service/RoleImportService.java#L243-L269
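
The trade-off described in the comment above, as an added Python example that is not part of the thread and not keycloak-config-cli code: it plans the rename from this issue in three ways (create/update only, stateless deletion, deletion limited by remote state). The function, its parameters and the sample users are hypothetical, and it assumes the realm rejects a duplicate email.

```python
# Added illustration, not keycloak-config-cli code; every name is hypothetical.
# Users are modelled as {username: email}. Assumption: the realm rejects a
# second user whose email is already taken (the 409 reported in this issue).

def plan(desired, existing, managed=None, delete_unlisted=False):
    """Plan one import run.

    desired         -- users declared in realm.yaml
    existing        -- users currently in the realm
    managed         -- usernames created by earlier runs (remote state), or None
    delete_unlisted -- stateless mode only: delete users missing from the file
    """
    if managed is not None:
        # Only users this tool created earlier may be deleted.
        delete = {u for u in managed if u in existing and u not in desired}
    elif delete_unlisted:
        # Without state, "not in the file" is the only rule available.
        delete = {u for u in existing if u not in desired}
    else:
        delete = set()  # create and update only

    create = {u for u in desired if u not in existing}
    update = {u for u in desired if u in existing}

    # A create conflicts when a surviving user already holds its email.
    holder = {email: u for u, email in existing.items() if u not in delete}
    conflicts = {u: holder[desired[u]] for u in create if desired[u] in holder}

    # State to persist: still-present managed users plus successful creates.
    kept = {u for u in (managed or ()) if u in existing and u not in delete}
    next_state = kept | (create - set(conflicts))
    return {"create": create, "update": update, "delete": delete,
            "conflicts": conflicts, "next_state": next_state}


# Constructed sample realm: alice came from an earlier import, bob and carol
# were created outside the tool (for example by self-registration).
EXISTING = {"alice": "alice@example.org", "bob": "bob@example.org",
            "carol": "carol@example.org"}
DESIRED = {"alice2": "alice@example.org"}  # username changed, email unchanged

if __name__ == "__main__":
    for label, kwargs in [("create/update only", {}),
                          ("stateless delete", {"delete_unlisted": True}),
                          ("with remote state", {"managed": {"alice"}})]:
        print(label, plan(DESIRED, EXISTING, **kwargs))
```

Only the run with remote state removes the renamed user without touching the accounts the tool never created.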

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

testuser7 commented 2 years ago

Is there any plan to add the remote state feature?

tobilarscheid commented 2 years ago

Hi @testuser7 (what a name ;-) ), I haven't looked into it so far!